W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Rejecting messages with illegal characters in header fields (was Re: h2 header field names)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 04 Sep 2014 20:26:30 +0200
Message-ID: <5408AED6.6070007@gmx.de>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 2014-09-04 20:20, Martin Thomson wrote:
> On 3 September 2014 23:53, Julian Reschke <julian.reschke@gmx.de> wrote:
>> Wait! Percent-Encoded?
>
> OK, then we treat header field values containing forbidden characters
> as malformed?  That invalidates a non-zero number of requests that our
> various test runs have detected, I think.  Are we OK with that?  I am,
> but I'm not as naturally conservative as some folks here.

I believe it's strictly better than rewriting to something the recipient 
doesn't exist...
Received on Thursday, 4 September 2014 18:27:06 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC